US20120278857A1 - Method for unlocking a secure device - Google Patents
Method for unlocking a secure device
- Publication number
- US20120278857A1
- Authority
- US
- United States
- Prior art keywords
- handset
- secure device
- over
- secure
- response
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/40—Security arrangements using identity modules
- H04W12/48—Security arrangements using identity modules using secure binding, e.g. securely binding identity modules to devices, services or applications
Definitions
- the invention relates to the field of wireless telecommunications, and especially deals with a method for unlocking a secure device and subscription token.
- a subscription secure token such as a UICC can host an application that will associate the token to a particular host device, such as a wireless handset. This procedure is referred to as “IMEI Lock” application or “SIM Locking” application.
- the token does not provide the appropriate credentials to connect to the network.
- the token uses a unique identifier of the host device, such as the IMEI. This identifier is retrieved by the subscription secure token from the host device during the power-up sequence, before attachment to the network. This association may be provided by inserting the secure token into the host device the first time.
- the secure token includes data that allows the handset to authenticate itself with the network and to receive services from the network.
- the particular handset also called paired handset, is uniquely identified in a network.
- the paired handset is uniquely identified by identifiers such as the International Mobile Equipment Identification (“IMEI”) as defined in GSM 03.03—version 3.6.0.
- IMEI International Mobile Equipment Identification
- the IMEI Lock application locks the UICC to the particular handset, also called the paired handset, with which it is associated, by retrieving for example the IMEI of the current handset and checking whether it matches the IMEI of the paired handset. Then, if a UICC is inserted in an unauthorised handset, i.e. in a handset different from the paired handset, the IMEI Lock application prevents the unauthorised handset from attaching to the network through various methods, for example by running an infinite loop, replacing the IMSI file, etc.
- the unauthorised handset may for example display a message requesting that the user enters an unlocking code, or may simply display a message indicating that the secure device is locked.
- the present invention provides a method for unlocking a secure device, said secure device being adapted to be associated with a first device and being adapted to be locked when it is associated to a second device different from the first device, said first device being the paired device, the method comprising a step of unlocking the secure device over-the-air when the secure device is connected to the second device.
- FIG. 1 schematically shows an embodiment of a method according to the invention in a nominal use case.
- the invention deals with a method for unlocking a secure device 10 over-the-air.
- a secure device 10 such as a Universal Integrated Circuit Card (UICC), also called smart card or subscriber identification module (SIM) card, is paired to a first handset 11 such as a mobile device (step S 1).
- This first handset 11 is uniquely identified by a first identifier.
- the identifier is the International Mobile Equipment Identification of the paired handset 11 .
- the first identifier will be called the first International Mobile Equipment Identification IMEI 1 .
- a second handset 12 is uniquely identified by a second identifier also called second International Mobile Equipment Identification IMEI 2 .
- a locking application, also called IMEI Lock application or locking application hereinafter, stored in the secure device 10, detects that the current handset 12 is not the paired handset 11, i.e. the first handset 11 as it should be.
- the locking application compares IMEI 2 with the first identifier IMEI 1 .
- Just after the locking application has detected that the current handset 12 is not the expected paired handset 11, and before going into a lock mode which prevents the handset 12 from attaching to the network, the locking application sends a notification to an Over-The-Air server 13 in step S 3.
- the OTA server is the one responsible for authorizing the pairing request.
- the authorization response may include other updates in the UICC (files and/or applications).
- the notification, when performed by IP, will be an HTTPS POST optionally including some data that can be used by the OTA Server to validate the pairing, for example the new identifier, the previous identifier, the user identification, etc.
- This notification gives the choice to the OTA server to send an update to the locking application, in order either to disable it, or to pair the secure device 10 with the second handset 12 .
- the notification is preferably sent by an IP/data channel.
- In step S 4, the locking application then waits for the Over-The-Air server to close the data channel, so as to know for example that there is no pending update, or no pending request from the Over-The-Air server.
- the communication is done by using HTTP over BIP protocol.
- CLOSE CHANNEL proactive command
- the OTA server sends to the UICC an answer to the HTTP indicating to the UICC that there is no additional information to be sent.
- the UICC then sends a command “CLOSE CHANNEL” to the handset.
- the application is notified when the communication is finished, and at that moment it decides, based on the information received (if any), whether or not it locks the UICC.
- the locking application goes into a locking mode in step S 5 .
- the locking application runs the same steps at each secure device initialization process, so that a customer care agent 14 in step S 6 is able to send an unlock request to the OTA server.
- Only one handset is paired to the UICC. This means that once the UICC is paired with handset 12, if it is inserted in the handset 11 again, the lock mechanism will be triggered. A new pairing authorization request is sent to the OTA server. In case the handset 12 is not authorized by the OTA server, the UICC is still paired with handset 11, meaning that if inserted back into handset 11, it will function properly.
- the unlock request will be taken into account when the user reboots the new paired handset 12, which is here the second handset 12.
- In step S 7, the locking application runs for example step S 2. It then detects the second identifier IMEI 2 of the second handset 12 and sends a notification to the Over-The-Air server as in step S 3.
- the Over-The-Air server checks whether it has received a new pairing request or not in step S 8. As the Over-The-Air server 13 received a pairing request in step S 6, the Over-The-Air server 13 sends, in step S 9, a pairing request to the secure device 10. In step S 10, the secure device 10 is paired with the new paired handset 12, which is the second handset 12.
- the second handset 12 may be attached to the network as the UICC has been unlocked over-the-air.
- Another advantage is that this method allows the secure device 10 to be unlocked Over-The-Air even if the initial paired handset 11 is not available.
- the invention also gives the flexibility to an operator to implement the unlock automatically based on a specific rule, for example, if the IMEI belongs to an operator device database. The user does not need to call the customer service in some kinds of replacement.
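The sequence of steps S 2 to S 10 described above can be traced with a small model. This is an added example, not code from the patent or from any UICC or OTA product: the class names, the ICCID/IMEI strings, the notification log and the single-use approval are constructed assumptions, and the "disable the locking application" update is left out so that only pairing is modelled.

```python
from dataclasses import dataclass, field

@dataclass
class OtaServer:
    """Constructed stand-in for the OTA server that authorises pairing."""
    pending: set = field(default_factory=set)         # approvals filed in step S 6
    operator_imeis: set = field(default_factory=set)  # optional automatic rule
    log: list = field(default_factory=list)           # every notification received

    def approve(self, iccid, imei):
        # Step S 6: a customer care agent files an unlock request.
        self.pending.add((iccid, imei))

    def handle_notification(self, iccid, new_imei, previous_imei):
        # Step S 3 arrives here; keep the old and new identifiers for review.
        self.log.append((iccid, previous_imei, new_imei))
        # Steps S 8 / S 9: answer with a pairing update, or with nothing.
        if (iccid, new_imei) in self.pending:
            # Assumption: one approval authorises exactly one pairing.
            self.pending.discard((iccid, new_imei))
            return {"action": "pair", "imei": new_imei}
        if new_imei in self.operator_imeis:
            return {"action": "pair", "imei": new_imei}
        return None  # no pending update: the data channel is simply closed

@dataclass
class LockingApp:
    """Constructed model of the IMEI Lock application on the UICC."""
    iccid: str
    paired_imei: str
    locked: bool = False

    def power_up(self, current_imei, ota):
        # Step S 2: compare the current handset's IMEI with the paired one.
        if current_imei == self.paired_imei:
            self.locked = False
            return "attached"
        # Step S 3: notify the OTA server before entering lock mode.
        update = ota.handle_notification(self.iccid, current_imei, self.paired_imei)
        # Step S 4: the channel is closed; decide on what was received, if anything.
        if update and update["action"] == "pair":
            self.paired_imei = update["imei"]  # step S 10: exactly one paired handset
            self.locked = False
            return "attached"
        self.locked = True                     # step S 5: lock mode
        return "locked"

if __name__ == "__main__":
    ota = OtaServer()
    uicc = LockingApp(iccid="ICCID-EXAMPLE", paired_imei="IMEI1")
    print(uicc.power_up("IMEI2", ota))  # second handset, no approval yet
    ota.approve("ICCID-EXAMPLE", "IMEI2")
    print(uicc.power_up("IMEI2", ota))  # reboot after the agent's request
    print(uicc.power_up("IMEI1", ota))  # old handset now triggers the lock
```

The model makes the trust boundary visible: the card changes its pairing only on an update from the server, so the server's approval rule and the protection of that channel carry the whole security of the unlock.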
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Telephonic Communication Services (AREA)
- Telephone Function (AREA)
- Lock And Its Accessories (AREA)
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CA2009/001901 WO2011079369A1 (fr) | 2009-12-30 | 2009-12-30 | Method for unlocking a secure device |
CAPCT/CA2009/001901 | 2009-12-30 | ||
PCT/CA2010/002063 WO2011079386A1 (fr) | 2009-12-30 | 2010-12-24 | Method for unlocking a secure device |
Publications (1)
Publication Number | Publication Date |
---|---|
US20120278857A1 (en) | 2012-11-01 |
Family
ID=44226068
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/519,975 Abandoned US20120278857A1 (en) | 2009-12-30 | 2010-12-24 | Method for unlocking a secure device |
Country Status (3)
Country | Link |
---|---|
US (1) | US20120278857A1 (fr) |
EP (1) | EP2520111A4 (fr) |
WO (2) | WO2011079369A1 (fr) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140208384A1 (en) * | 2013-01-22 | 2014-07-24 | Push Science | System and method for managing, controlling and enabling data transmission from a first device to at least one other second device, wherein the first and second devices are on different networks |
US10078748B2 (en) | 2015-11-13 | 2018-09-18 | Microsoft Technology Licensing, Llc | Unlock and recovery for encrypted devices |
US20210037379A1 (en) * | 2018-04-30 | 2021-02-04 | Tracfone Wireless, Inc. | System and Process for Locking a Subscriber Identity Module (SIM) Card to a Wireless Device |
Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6321079B1 (en) * | 1998-03-18 | 2001-11-20 | Nec Corporation | Network operator controlled locking and unlocking mechanism for mobile telephones |
US6772331B1 (en) * | 1999-05-21 | 2004-08-03 | International Business Machines Corporation | Method and apparatus for exclusively pairing wireless devices |
US20060083187A1 (en) * | 2004-10-18 | 2006-04-20 | Mobile (R&D) Ltd. | Pairing system and method for wirelessly connecting communication devices |
US20080161050A1 (en) * | 2006-12-29 | 2008-07-03 | Shudark Jeffrey B | Method for configuring a wireless communication device to operate in a wireless communication system through automatic SIM pairing and associated wireless communication device |
US20090058635A1 (en) * | 2007-08-31 | 2009-03-05 | Lalonde John | Medical data transport over wireless life critical network |
US20100045425A1 (en) * | 2008-08-21 | 2010-02-25 | Chivallier M Laurent | data transmission of sensors |
US20100200748A1 (en) * | 2009-02-12 | 2010-08-12 | Ict Integrated Circuit Testing Gesellschaft Fur Halbleiterpruftechnik Mbh | Arrangement and method for the contrast improvement in a charged particle beam device for inspecting a specimen |
US20100299748A1 (en) * | 2007-12-10 | 2010-11-25 | Telefonaktiebolaget L M Ericsson (Publ) | Method for alteration of integrity protected data in a device, computer program product and device implementing the method |
US20110081950A1 (en) * | 2009-10-01 | 2011-04-07 | Metropcs Wireless, Inc. | System and method for pairing a uicc card with a particular mobile communications device |
US7941167B2 (en) * | 2005-03-31 | 2011-05-10 | Microsoft Corporation | Mobile device synchronization based on proximity to a data source |
US8219080B2 (en) * | 2006-04-28 | 2012-07-10 | Research In Motion Limited | Methods and apparatus for producing a user-controlled PLMN list for a SIM/USIM card with use of a user agent application |
US8346255B2 (en) * | 2010-02-11 | 2013-01-01 | Apple Inc. | Method and apparatus for using a wireless communication device with multiple service providers |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5864757A (en) * | 1995-12-12 | 1999-01-26 | Bellsouth Corporation | Methods and apparatus for locking communications devices |
WO2005051018A1 (fr) | 2003-10-28 | 2005-06-02 | Gemplus | Smart card lock for mobile communication |
FR2871007B1 (fr) | 2004-05-27 | 2006-07-14 | Gemplus Sa | Secure unlocking of a mobile terminal |
FR2879867A1 (fr) * | 2004-12-22 | 2006-06-23 | Gemplus Sa | System for allocating a smart card to a network operator |
KR100811590B1 (ko) * | 2005-12-01 | 2008-03-11 | 엘지전자 주식회사 | Mobile communication terminal and control method in case of lock hacking |
GB2454640A (en) * | 2007-07-05 | 2009-05-20 | Vodafone Plc | Received message verification |
-
2009
- 2009-12-30 WO PCT/CA2009/001901 patent/WO2011079369A1/fr active Application Filing
-
2010
- 2010-12-24 WO PCT/CA2010/002063 patent/WO2011079386A1/fr active Application Filing
- 2010-12-24 EP EP10840255.3A patent/EP2520111A4/fr not_active Withdrawn
- 2010-12-24 US US13/519,975 patent/US20120278857A1/en not_active Abandoned
Patent Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6321079B1 (en) * | 1998-03-18 | 2001-11-20 | Nec Corporation | Network operator controlled locking and unlocking mechanism for mobile telephones |
US6772331B1 (en) * | 1999-05-21 | 2004-08-03 | International Business Machines Corporation | Method and apparatus for exclusively pairing wireless devices |
US20060083187A1 (en) * | 2004-10-18 | 2006-04-20 | Mobile (R&D) Ltd. | Pairing system and method for wirelessly connecting communication devices |
US7941167B2 (en) * | 2005-03-31 | 2011-05-10 | Microsoft Corporation | Mobile device synchronization based on proximity to a data source |
US8219080B2 (en) * | 2006-04-28 | 2012-07-10 | Research In Motion Limited | Methods and apparatus for producing a user-controlled PLMN list for a SIM/USIM card with use of a user agent application |
US20080161050A1 (en) * | 2006-12-29 | 2008-07-03 | Shudark Jeffrey B | Method for configuring a wireless communication device to operate in a wireless communication system through automatic SIM pairing and associated wireless communication device |
US20090058635A1 (en) * | 2007-08-31 | 2009-03-05 | Lalonde John | Medical data transport over wireless life critical network |
US20100299748A1 (en) * | 2007-12-10 | 2010-11-25 | Telefonaktiebolaget L M Ericsson (Publ) | Method for alteration of integrity protected data in a device, computer program product and device implementing the method |
US20100045425A1 (en) * | 2008-08-21 | 2010-02-25 | Chivallier M Laurent | data transmission of sensors |
US20100200748A1 (en) * | 2009-02-12 | 2010-08-12 | Ict Integrated Circuit Testing Gesellschaft Fur Halbleiterpruftechnik Mbh | Arrangement and method for the contrast improvement in a charged particle beam device for inspecting a specimen |
US20110081950A1 (en) * | 2009-10-01 | 2011-04-07 | Metropcs Wireless, Inc. | System and method for pairing a uicc card with a particular mobile communications device |
US8346255B2 (en) * | 2010-02-11 | 2013-01-01 | Apple Inc. | Method and apparatus for using a wireless communication device with multiple service providers |
US20130115948A1 (en) * | 2010-02-11 | 2013-05-09 | Apple Inc. | Method and apparatus for using a wireless communication device with multiple service providers |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140208384A1 (en) * | 2013-01-22 | 2014-07-24 | Push Science | System and method for managing, controlling and enabling data transmission from a first device to at least one other second device, wherein the first and second devices are on different networks |
US10078748B2 (en) | 2015-11-13 | 2018-09-18 | Microsoft Technology Licensing, Llc | Unlock and recovery for encrypted devices |
US20210037379A1 (en) * | 2018-04-30 | 2021-02-04 | Tracfone Wireless, Inc. | System and Process for Locking a Subscriber Identity Module (SIM) Card to a Wireless Device |
US11758404B2 (en) * | 2018-04-30 | 2023-09-12 | Tracfone Wireless, Inc. | System and process for locking a subscriber identity module (SIM) card to a wireless device |
Also Published As
Publication number | Publication date |
---|---|
WO2011079369A1 (fr) | 2011-07-07 |
EP2520111A4 (fr) | 2016-11-16 |
EP2520111A1 (fr) | 2012-11-07 |
WO2011079386A1 (fr) | 2011-07-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10848589B2 (en) | Method and apparatus for receiving profile by terminal in mobile communication system | |
US8369823B2 (en) | Method for legitimately unlocking a SIM card lock, unlocking server, and unlocking system for a SIM card lock | |
US7088988B2 (en) | Over-the-air subsidy lock resolution | |
EP1562394B1 (fr) | Apparatus and method for setting use restriction of a mobile communication terminal | |
US8407769B2 (en) | Methods and apparatus for wireless device registration | |
US9609510B2 (en) | Automated credential porting for mobile devices | |
US8553883B2 (en) | Method and apparatus for managing subscription credentials in a wireless communication device | |
US10050657B2 (en) | System and method for pairing a UICC card with a particular mobile communications device | |
CN101494854B (zh) | Method, system and device for preventing illegal SIM lock unlocking | |
US20080090548A1 (en) | Method for tracking mobile communication terminal | |
EP2486743A2 (fr) | Network access control | |
CN109792601B (zh) | Method and device for deleting an eUICC profile | |
KR20130108442A (ko) | System and method for secure storage of important financial information stored in a mobile communication terminal | |
US20120278857A1 (en) | Method for unlocking a secure device | |
US20120149329A1 (en) | Method and apparatus for providing a subsidy-lock unlock procedure | |
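CN110191464B (zh) | Method and system for preventing a SIM card from being stolen and used | |
WO2016188022A1 (fr) | Roaming method, roaming server, mobile terminal and system | |
JP4759621B2 (ja) | Mobile communication system, subscriber authentication method, subscriber authentication module, mobile device system, authentication error detection method, authentication vector generation device, and authentication vector generation method | |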
US20220279344A1 (en) | A Method for Recovering a Profile of a MNO | |
KR100982575B1 (ko) | Apparatus and method for changing lock information of a subscriber identity module | |
CN110557745A (zh) | System and method for managing locking of user equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: GEMALTO SA, FRANCE Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:MERRIEN, LIONEL;FERREIRA DA SILVA, RODRIGO;REEL/FRAME:029036/0360 Effective date: 20120823 |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |